This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ALM/QC access - multiple LDAP authentication server

Does anyone have experience using ALM/QC with two LDAP authentication servers that point to different domains (organizations)? 
Is such a configuration possible, and secondly, are there any technical issues (site-related or project-related) to consider?

Machine Data Systems, Opentext business and technology alliance partner

Follow Us on LinkedIN for the latest news, live webinars and more

  • 0  

    ALM supports multiple LDAP servers with different domains. You can read the site administration guide to know how to setup each LDAP server. 

    It is site related so it is transparent for the projects what domain the users belong to. 

    There are best practices of SaaS ALM servers on which OpenText users authenticate at OpenText LDAP server, besides the customer users authenticate at customer's LDAP server. 

  • 0 in reply to   

    Thanks for the quick reply.  I can't find a link to the best practices document you're referring to.  If possible can you share a link.

    Further to my question -

    - what about situation where username exists in both domain1 and domain2?  Odds of this happening is very low, but could happen.

    - what about the situation where domain1 is hosting ALM and using external authentication (SSO) but domain2 accessing ALM is not
    using SSO.  Would this pose conflicts or other issues.

    thanks in advance

    Machine Data Systems, Opentext business and technology alliance partner

    Follow Us on LinkedIN for the latest news, live webinars and more

  • 0   in reply to 

    The best practice what I mentioned is the real ALM servers for SaaS. There are no document or link to share you because these servers are for real SaaS customer users to access. I was just trying to let you know such configuration is feasible so no need to worry about it. You can make it work with the existing guidance of the site administration online guide. 

    As the conflict usernames, please note that ALM username has to be unique globally at whole site level. So you can rename conflicted users with different username during importing LDAP users into ALM. Please refer to the SiteAdmin guide document chapter of 'Managing ALM Users' to know the details of it. 

    As you question about whether it is supported the hybrid authentication of domain1 users is hosting ALM authentication and domain2 users via SSO. Only the following hybrid mode is supported: some users do authentication with ALM local user/password and other users do authentication with SSO. Even multiple SSO IdPs are supported by ALM. But it is not supported that domain1 users authenticate with LDAP and domain2 users via SSO. 

  • Suggested Answer

    0   in reply to 

    You may refer to our User Management Guide. It introduces how to configure multiple LDAP servers in ALM.

    For each ALM user, you may assign LDAP server to the user. In this case, duplicate username exists in different LDAP servers won't cause problem.